public function run($request)
{
    // Purge every persisted ShareToken that reports itself as expired.
    // $request is accepted for the task interface but not read here.
    $removed = 0;
    foreach (ShareToken::get() as $shareToken) {
        if (!$shareToken->isExpired()) {
            continue;
        }
        $shareToken->delete();
        ++$removed;
    }
    echo "Removed {$removed} expired share tokens.\n";
}
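 /**
  * Upload new media.
  *
  * Authorisation is either an upload-type share token (`token` request
  * parameter) or an authenticated session holding the create permission
  * on the requested albums plus a valid crumb. The uploaded file is then
  * dispatched to the photo or video upload endpoint according to its
  * detected media type.
  *
  * @return string standard json envelope
  */
 public function upload()
 {
     $attributes = $_REQUEST;
     $albums = array();
     // empty() already implies isset(); an empty albums value means "none".
     if (!empty($attributes['albums'])) {
         $albums = (array) explode(',', $attributes['albums']);
     }
     if (!empty($attributes['token'])) {
         // Token path: only a token of type 'upload' grants access.
         $shareTokenObj = new ShareToken();
         $tokenArr = $shareTokenObj->get($attributes['token']);
         if (empty($tokenArr) || $tokenArr['type'] !== 'upload') {
             return $this->forbidden('No permissions with the passed in token', false);
         }
         // NOTE(review): these writes land in a local copy of $_REQUEST and
         // nothing visible here passes $attributes on to the invoked endpoint —
         // confirm the album/permission restriction carried by the token is
         // actually enforced downstream.
         $attributes['albums'] = $tokenArr['data'];
         $attributes['permission'] = '0';
     } else {
         // Session path: create permission on the requested albums plus a request crumb.
         getAuthentication()->requireAuthentication(array(Permission::create), $albums);
         getAuthentication()->requireCrumb();
     }
     // Explicit key access replaces extract(), which injected an unknown set of
     // variables into this scope; only localFile was ever read from it.
     $media = $this->parseMediaFromRequest();
     $localFile = $media['localFile'];
     // Get file mimetype by instantiating a photo object;
     //  getMediaType is defined in parent abstract class Media
     $photoObj = new Photo();
     $mediaType = $photoObj->getMediaType($localFile);
     // Dispatch to the type-specific upload endpoint.
     switch ($mediaType) {
         case Media::typePhoto:
             return $this->api->invoke("/{$this->apiVersion}/photo/upload.json", EpiRoute::httpPost);
         case Media::typeVideo:
             return $this->api->invoke("/{$this->apiVersion}/video/upload.json", EpiRoute::httpPost);
     }
     return $this->error('Unsupported media type', false);
 }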
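 /**
  * Render the draft version of a page for the holder of a share link.
  *
  * The URL carries a Token and a Key: the token must exist and be unexpired,
  * and the key must equal the one the page derives from that token. Draft-site
  * security is lifted only for the duration of the render and restored on
  * every exit path.
  *
  * @param SS_HTTPRequest $request
  *
  * @return string|HTMLText
  */
 public function preview(SS_HTTPRequest $request)
 {
     $key = $request->param('Key');
     $token = $request->param('Token');
     /**
      * @var ShareToken $shareToken
      */
     $shareToken = ShareToken::get()->filter('token', $token)->first();
     if (!$shareToken) {
         return $this->errorPage();
     }
     $page = Versioned::get_one_by_stage('SiteTree', 'Stage', sprintf('"SiteTree"."ID" = \'%d\'', $shareToken->PageID));
     // The page may have been deleted since the token was issued; without this
     // guard the key check below would dereference null.
     if (!$page) {
         return $this->errorPage();
     }
     // NOTE(review): strict equality is not a constant-time comparison; prefer
     // hash_equals() for the key check where the PHP version allows it.
     if ($shareToken->isExpired() || $page->generateKey($shareToken->Token) !== $key) {
         return $this->errorPage();
     }
     $latest = Versioned::get_latest_version('SiteTree', $shareToken->PageID);
     $controller = $this->getControllerFor($page);
     Requirements::css(SHAREDRAFTCONTENT_DIR . '/css/top-bar.css');
     // Temporarily un-secure the draft site and switch to draft; $restore puts
     // both settings back and runs on the success and the exception path.
     $oldSecured = Session::get('unsecuredDraftSite');
     $oldMode = Versioned::get_reading_mode();
     $restore = function () use ($oldSecured, $oldMode) {
         Session::set('unsecuredDraftSite', $oldSecured);
         Versioned::set_reading_mode($oldMode);
     };
     // Process page inside an unsecured draft container
     try {
         Session::set('unsecuredDraftSite', true);
         Versioned::reading_stage('Stage');
         // Create mock request; simplify request to a single top level request
         $pageRequest = new SS_HTTPRequest('GET', $page->URLSegment);
         $pageRequest->match('$URLSegment//$Action/$ID/$OtherID', true);
         $rendered = $controller->handleRequest($pageRequest, $this->model);
         // Render draft heading
         $data = new ArrayData(array('Page' => $page, 'Latest' => $latest));
         $include = (string) $data->renderWith('Includes/TopBar');
     } catch (Exception $ex) {
         $restore();
         throw $ex;
     }
     $restore();
     return str_replace('</body>', $include . '</body>', (string) $rendered->getBody());
 }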
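 /**
  * Create and persist a new ShareToken for the owner page.
  *
  * Ensures the page has a ShareTokenSalt, then draws random tokens until one
  * does not collide with an existing token for this page, within a bounded
  * number of attempts.
  *
  * @return ShareToken
  * @throws Exception if every attempt collided with an existing token
  */
 protected function getNewShareToken()
 {
     if (!$this->owner->ShareTokenSalt) {
         $this->owner->ShareTokenSalt = $this->getNewToken();
         $this->owner->write();
     }
     $limit = 5;
     $token = null;
     for ($tries = 0; $tries < $limit; $tries++) {
         $candidate = $this->getNewToken();
         // The previous loop condition (while (!$found ...)) stopped on a
         // *collision* and could persist a duplicate token; keep drawing until
         // no record with this Token/PageID pair exists.
         $collision = ShareToken::get()->filter(array("Token" => $candidate, "PageID" => $this->owner->ID))->first();
         if (!$collision) {
             $token = $candidate;
             break;
         }
     }
     if ($token === null) {
         throw new Exception('Unable to generate a unique share token');
     }
     $config = Config::inst()->forClass('ShareDraftContentSiteTreeExtension');
     $validForDays = $config->valid_for_days;
     $shareToken = ShareToken::create(array("Token" => $token, "ValidForDays" => $validForDays, "PageID" => $this->owner->ID));
     $shareToken->write();
     return $shareToken;
 }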
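 /**
  * Build the filter set for a photo listing from path parameters and $_GET.
  *
  * Path parameters take the form `key-value` separated by `/`; GET parameters
  * are merged on top and win. A share token of type 'album' raises the
  * permission level only when the request is scoped to that same album, so a
  * token cannot be used to expose photos outside it.
  *
  * @param string|null $filterOpts slash-separated `key-value` pairs, or null
  * @return array{filters: array, token: array|false|null, pageSize: int, protocol: mixed, page: mixed}
  */
 protected function parseFilters($filterOpts)
 {
     $shareTokenObj = new ShareToken();
     $token = null;
     // Admins see everything; everyone else starts with public-only.
     $permission = $this->user->isAdmin() ? 1 : 0;
     // This section enables in-path parameters which are normally GET
     $pageSize = $this->config->pagination->photos;
     $filters = array('sortBy' => 'dateTaken,desc');
     if ($filterOpts !== null) {
         foreach ((array) explode('/', $filterOpts) as $value) {
             $dashPosition = strpos($value, '-');
             // No dash, or a dash at position 0 (empty key): not a key-value pair.
             if (!$dashPosition) {
                 continue;
             }
             $parameterKey = substr($value, 0, $dashPosition);
             $parameterValue = substr($value, $dashPosition + 1);
             switch ($parameterKey) {
                 case 'pageSize':
                     $pageSize = intval($parameterValue);
                     break;
                 case 'sortBy':
                     // A bare 'continue' inside switch only leaves the switch
                     // (deprecated since PHP 7.3); 'continue 2' moves on to the
                     // next path parameter, which is what was intended.
                     if (!$this->isValidSortBy($parameterValue)) {
                         continue 2;
                     }
                     $filters[$parameterKey] = $parameterValue;
                     break;
                 case 'token':
                     $token = $shareTokenObj->get($parameterValue);
                     break;
                 default:
                     $filters[$parameterKey] = $parameterValue;
                     break;
             }
         }
     }
     // merge path parameters with GET parameters. GET parameters override
     if (isset($_GET['pageSize']) && intval($_GET['pageSize']) == $_GET['pageSize']) {
         $pageSize = intval($_GET['pageSize']);
     }
     $filters = array_merge($filters, $_GET);
     // GET used to bypass the sortBy validation applied to path parameters
     // above; apply the same rule to the merged value so it is always of the
     // validated shape, falling back to the default ordering otherwise.
     if (!is_string($filters['sortBy']) || !$this->isValidSortBy($filters['sortBy'])) {
         $filters['sortBy'] = 'dateTaken,desc';
     }
     $page = 1;
     if (isset($filters['page'])) {
         $page = $filters['page'];
     }
     $protocol = $this->utility->getProtocol(false);
     if (isset($filters['protocol'])) {
         $protocol = $filters['protocol'];
     }
     // $token is null when no token was passed and false when lookup failed.
     if ($token !== null && $token !== false) {
         // If it's an album token then we make sure it's an album page by
         //  checking $filters['album']. This works because even on a photo
         //  detail page we might be in an album context.
         // We don't do this for a single photo because it could lead to
         //  inadvertently leaking an entire album by passing an album token
         //  but looking at a random photo (that might not belong to the album);
         //  in this case the only protection is next/previous but the details
         //  are leaked.
         // Loose comparison kept on purpose: token data and the filter value
         // may differ in scalar type — TODO confirm before tightening to ===.
         if ($token['type'] == 'album' && isset($filters['album']) && $filters['album'] == $token['data']) {
             $permission = 1;
         }
     }
     if ($permission == 0) {
         $filters['permission'] = $permission;
     }
     return array('filters' => $filters, 'token' => $token, 'pageSize' => $pageSize, 'protocol' => $protocol, 'page' => $page);
 }

 /**
  * Validate a sortBy value: exactly two comma-separated parts made only of
  * ASCII letters, digits and the separating comma (e.g. `dateTaken,desc`).
  *
  * @param string $sortBy
  * @return bool
  */
 private function isValidSortBy($sortBy)
 {
     if (count((array) explode(',', $sortBy)) !== 2) {
         return false;
     }
     // preg_match() returns 1 on a match with a disallowed character.
     return preg_match('/[^a-zA-Z0-9,]/', $sortBy) !== 1;
 }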